Skip to content

fix(miner): bound oauth-device-flow.js's GitHub fetches with a request timeout#7048

Merged
JSONbored merged 1 commit into
JSONbored:mainfrom
galuis116:fix/oauth-device-flow-fetch-timeout
Jul 17, 2026
Merged

fix(miner): bound oauth-device-flow.js's GitHub fetches with a request timeout#7048
JSONbored merged 1 commit into
JSONbored:mainfrom
galuis116:fix/oauth-device-flow-fetch-timeout

Conversation

@galuis116

Copy link
Copy Markdown
Contributor

Summary

  • packages/loopover-miner/lib/oauth-device-flow.js's two GitHub-facing fetches — requestDeviceCode and pollForAccessToken's per-attempt fetch — had no AbortSignal.timeout, unlike every other GitHub-facing fetch in this package (github-token-resolution.js's GITHUB_TOKEN_FETCH_TIMEOUT_MS precedent, and everything routed through http-retry.js).
  • pollForAccessToken's own deadline check only fires between polling attempts, so a single stalled connection mid-fetch could hang indefinitely rather than being caught by the deadline — undermining init-wizard.js's documented "never a hard dependency ... automatic fallback on any device-flow failure", since a hang never reaches the catch meant to trigger the pasted-token fallback.
  • Adds a local DEVICE_FLOW_FETCH_TIMEOUT_MS = 10_000 constant (matching the package's existing per-file constant convention) and wires signal: AbortSignal.timeout(...) into both fetches.
  • Wraps pollForAccessToken's per-attempt fetch in try/catch: a timeout/abort is now a per-attempt failure that continues the polling loop (still bounded by the existing deadline check), not an unhandled rejection that crashes the flow.

Scope

  • The PR title follows type(scope): short summary Conventional Commit format.
  • This PR is focused and does not mix unrelated backend, UI, MCP, docs, dependency, and deploy changes.
  • This follows CONTRIBUTING.md and does not reintroduce GitHub Pages, VitePress, site/, or CNAME.
  • I linked a currently open issue this PR resolves.

Closes #6988

Validation

  • git diff --check
  • npm run actionlint
  • npm run typecheck — the whole-repo tsc --noEmit reliably OOMs on this shared, memory-constrained sandbox regardless of what changed; node --check on the modified file (passed) plus the full targeted vitest run below stand in as the local proxy, and CI's isolated runner performs the authoritative tsc --noEmit. This module's public function signatures are unchanged (verified against its hand-maintained oauth-device-flow.d.ts companion — only internal fetch-call bodies changed), so no .d.ts update was needed.
  • npm run test:coveragetest/unit/miner-oauth-device-flow.test.ts (27 tests, incl. 4 new: the AbortSignal timeout on both fetches, a rejected/timed-out attempt still retrying to a successful poll, and a permanently-stalled connection still respecting the deadline) — 27/27 passing.
  • npm run test:workers / npm run build:mcp / npm run test:mcp-pack / npm run ui:openapi:check (not applicable — this is a CLI-package module with no Worker/MCP-packaging/API-schema surface)
  • npm audit --audit-level=moderate (no dependency changes)
  • New or changed behavior has unit/integration tests for new branches, fallback paths, and sanitizer boundaries

If any required check was skipped, explain why:

  • The whole-repo npm run typecheck OOMs on this specific sandbox under current memory pressure regardless of diff size; node --check (syntax) plus the full targeted test run above are the local proxy for this JS module, and CI's isolated runner performs the real tsc --noEmit (which type-checks the unchanged, hand-maintained .d.ts companion against this file's actual exports). npm run test:workers and the MCP/OpenAPI checks have no surface to exercise for a change scoped to two fetch calls in one miner CLI module.

Safety

  • No secrets, wallet details, hotkeys, coldkeys, user PATs, private keys, raw trust scores, private rankings, or private maintainer evidence are exposed.
  • Public GitHub text stays sanitized, low-noise, and does not imply compensation guarantees or optimization tactics.
  • Auth, cookie, CORS, GitHub App, Cloudflare, or session changes include negative-path tests. This touches the OAuth device-flow authorization path; the new tests cover the timeout/abort failure path explicitly.
  • API/OpenAPI/MCP behavior is updated and tested where needed. (N/A — internal CLI module, no API/OpenAPI/MCP surface.)
  • UI changes use live API data or real empty/error/loading states, not production mock/demo fallbacks. (N/A — no UI changes.)
  • Visible UI changes include a UI Evidence section below with JPG/JPEG or PNG screenshots. (N/A — backend CLI-only change, no UI surface.)
  • Public docs/changelogs are updated where needed; changelogs are only edited for release-prep PRs.

…t timeout

requestDeviceCode and pollForAccessToken's per-attempt fetch had no
AbortSignal.timeout, unlike every other GitHub-facing fetch in this
package -- a stalled connection could hang indefinitely instead of
reaching init-wizard.js's documented pasted-token fallback. A timed-out
poll attempt is now caught and treated as a per-attempt failure that
still retries, bounded by the existing deadline, rather than an
unhandled rejection.
@galuis116
galuis116 requested a review from JSONbored as a code owner July 17, 2026 19:31
@superagent-security

Copy link
Copy Markdown
Contributor

Superagent didn't find any vulnerabilities or security issues in this PR.

@codecov

codecov Bot commented Jul 17, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 93.74%. Comparing base (7a7f90a) to head (77ca20f).
⚠️ Report is 27 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #7048      +/-   ##
==========================================
- Coverage   93.75%   93.74%   -0.01%     
==========================================
  Files         692      692              
  Lines       68760    68709      -51     
  Branches    18769    18760       -9     
==========================================
- Hits        64463    64412      -51     
  Misses       3302     3302              
  Partials      995      995              
Flag Coverage Δ
shard-1 43.38% <0.00%> (-0.41%) ⬇️
shard-2 36.85% <0.00%> (-0.01%) ⬇️
shard-3 33.16% <0.00%> (-0.12%) ⬇️
shard-4 34.39% <0.00%> (+0.48%) ⬆️
shard-5 31.66% <0.00%> (-0.58%) ⬇️
shard-6 46.07% <100.00%> (+0.31%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines Coverage Δ
packages/loopover-miner/lib/oauth-device-flow.js 100.00% <100.00%> (ø)

... and 1 file with indirect coverage changes

@loopover-orb loopover-orb Bot added the gittensor:bug Gittensor-scored bug fix — scores a 0.05x multiplier. label Jul 17, 2026
@loopover-orb

loopover-orb Bot commented Jul 17, 2026

Copy link
Copy Markdown

Tip

✅ LoopOver review result - approve/merge recommended

Review updated: 2026-07-17 19:53:19 UTC

2 files · 1 AI reviewer · no blockers · readiness 80/100 · CI green · clean

✅ Suggested Action - Approve/Merge

  • safe to merge

Review summary
This PR adds AbortSignal.timeout to both GitHub-facing fetches in oauth-device-flow.js and wraps the polling fetch in try/catch so a stalled connection is treated as a per-attempt failure that continues the bounded polling loop rather than hanging or crashing. The fix is at the correct layer (the actual fetch call sites), matches the existing DEVICE_FLOW_FETCH_TIMEOUT_MS convention used elsewhere in the package, and is directly tied to open issue #6988. Tests exercise the real timeout wiring, the retry-after-rejection path, and the deadline-still-bounds-a-permanently-failing-connection path, all against the actual code paths shown in the full file.

Nits — 4 non-blocking
  • The bare `catch { continue; }` in pollForAccessToken (oauth-device-flow.js:93-97) swallows any fetch rejection, not just AbortSignal timeouts — a DNS failure or network error is now silently retried until the deadline instead of surfacing distinctly, though this is consistent with the PR's stated per-attempt-failure design.
  • The external brief flags test/unit/miner-oauth-device-flow.test.ts:133 as a potential leaked secret, but that line is a mocked DOMException('The operation was aborted', 'TimeoutError') test fixture, not a real credential — false positive.
  • Consider whether a distinct log/counter for timeout-vs-other-fetch-errors during polling would help operators diagnose persistent connectivity issues without changing the fallback behavior.
  • Possible secret-shaped assignment in the diff (generic_secret_assignment) — Verify the value is not a real credential.

Decision drivers

  • ✅ Code review — No blockers (1 reviewer)
  • ✅ Gate result — Passing (No configured blocker found.)
Context & advisory signals — never blocks the verdict
Signal Result Evidence
Linked issue ✅ Linked #6988
Related work ⚠️ 1 scoped overlap Top overlaps are listed below; lower-confidence bulk is hidden.
Change scope ❌ 8/20 High review scope from cached public metadata (1 linked issue).
Validation posture ✅ 25/25 PR body includes validation/test evidence.
Contributor workload ✅ 10/10 Author activity: 1962 registered-repo PR(s), 1288 merged, 52 issue(s).
Contributor context ✅ Confirmed Gittensor contributor galuis116; Gittensor profile; 1962 PR(s), 52 issue(s).
Improvement ✅ Minor risk: clean · value: minor
Review context
  • Author: galuis116
  • Role context: outside_contributor
  • Public audience mode: oss maintainer
  • Lane context: Repository is configured for direct PR review.
  • Public profile languages: not available
  • Official Gittensor activity: 1962 PR(s), 52 issue(s).
  • Related work: Titles/paths share 7 meaningful terms. (PR #7051)
Contributor next steps
  • Start here: Review top overlaps.
  • Then work through the remaining 2 steps in the Signals table above.
Signal definitions
  • Related work = same linked issue, overlapping active PRs, or title/path similarity.
  • Change scope = cached public metadata such as size labels, draft state, and review-burden hints.
  • Validation posture = whether the PR provides enough public validation/test evidence for maintainer review.
  • Contributor workload = public contributor activity and cleanup pressure, not a repo-wide quality failure.
  • Contributor context = public GitHub/Gittensor identity context; non-Gittensor status is not a blocker.
🧪 Chat with LoopOver

Ask LoopOver a question about this PR directly in a comment — grounded only in the same cached, public-safe facts shown above, never a new claim.

  • @loopover ask &lt;question&gt; answers contribution-quality Q&A with source citations and freshness.
  • @loopover chat &lt;question&gt; answers in natural prose from cached decision-pack facts via local inference (maintainer/collaborator; read-only).
  • A plain-language @loopover mention with a real question is routed to the closest matching read-only command automatically — no exact syntax required.

Full command reference: https://loopover.ai/docs/loopover-commands

🧪 Experimental — new and may change.

🟩 Safe / merged · 🟦 Advisory · 🟨 Held for review · 🟥 Blocked / closed


💰 Earn for open-source contributions like this. Gittensor lets GitHub contributors earn for the work they already do — register to start earning →.

Checked by LoopOver, a quiet PR intelligence layer for OSS maintainers.

  • Re-run LoopOver review

@loopover-orb loopover-orb Bot added the manual-review Gittensor contributor context label Jul 17, 2026
@JSONbored
JSONbored merged commit cd9aedf into JSONbored:main Jul 17, 2026
16 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

gittensor:bug Gittensor-scored bug fix — scores a 0.05x multiplier. manual-review Gittensor contributor context

Projects

None yet

Development

Successfully merging this pull request may close these issues.

oauth-device-flow.js's GitHub fetches have no request timeout

2 participants